SAN FRANCISCO, Dec. 2, 2014 /PRNewswire/ -- Today Appthority, the leader in enterprise Mobile App Risk Management, announced the immediate release of a solution for analyzing and exposing both the MASQUE and WireLurker iOS mobile malware for its customers. As the first mobile app security company to detect this new iOS malware, which surfaced in early and mid-November, Appthority moved quickly to implement scanning, analysis and detection for both MASQUE and WireLurker. By quickly deploying an update to its cloud-based solution, Appthority enterprise customers have been protected since November 20, 2014.
The MASQUE and WireLurker iOS malware are a threat to enterprise customers using iPhone and iPad devices because they compromise sensitive company data. An attack takes place when users update or add apps to their devices due to a critical vulnerability in iOS 7 and iOS 8 that allows hackers to install imposter apps which stealthily replace an existing legitimate app with an identical looking malicious version. In addition to the ability to leak private and sensitive data, the malicious app can also potentially capture an employee's identification or login credentials without their knowledge.
Appthority has determined that mobile apps downloaded from third party app stores or private iOS apps—developed for internal enterprise use—manually installed on mobile devices, are at risk from MASQUE and WireLurker malware. The MASQUE malware in particular puts sensitive enterprise data at-risk by making use of iOS vulnerabilities and techniques to replace a legitimate app, such as a mobile corporate email program or calendar, with a malicious copy. The malicious copy may look and behave just like the original app, quietly accessing the original private data and emails while reading and exfiltrating this sensitive data to a remote network address.
"Appthority takes mobile malware seriously and is proud to be the first mobile app security company to deploy a commercial solution for detecting both MASQUE and WireLurker iOS malware," said Paul Stich, CEO of Appthority. "Our customers count on us to protect them from the escalating risk to private and sensitive company information from mobile apps, and doing so is our top priority."
Only Appthority Enterprise Mobile App Risk Management provides a comprehensive and dynamic solution for effectively managing mobile app risk and protecting private enterprise data. As the first mobile security company to commercially deploy a solution for MASQUE and WireLurker iOS malware detection to its customers, Appthority has issued an update to its cloud-based risk analysis engine to assess and alert its customers if this malware is identified on apps they have submitted for analysis. Through deep binary code structure analysis and identification of risky mobile app behaviors, Appthority Mobile App Risk Management intelligently assesses and exposes overall app risk to the enterprise. With a continuous analysis of risky apps, enterprise mobility and security teams have the ability to dynamically configure mobile app risk policies for different groups of employees and to monitor for ongoing policy compliance.
"In the past, iOS malware was limited to academic scenarios or proof of concept demonstrations," said Domingo Guerra, president and co-founder of Appthority. "As mobile malware evolves and morphs into a legitimate business threat, it is critical that security companies move quickly to protect their customers. Appthority is proud to offer the first commercially available product that detects these new types of iOS malware, giving us the most complete App Risk Management service capable of automatically analyzing apps to address not only new malware threats, but also corporate data exfiltration and privacy concerns."
Appthority has determined that apps downloaded from Apple's App Store are not at risk for the MASQUE and WireLurker malware.
Appthority provides the industry's first all-in-one App Risk Management service that employs static, dynamic and behavioral analysis to immediately discover the hidden actions of apps and empower organizations to apply custom policies to prevent unwanted app behaviors. Only Appthority combines the largest global database of analyzed public and private apps with advanced policy management tools to automate control over risky app actions and protect corporate data. Named the Most Innovative Company of RSA Conference 2012, Appthority has analyzed nearly two million apps for its Global 2000 and government customers. By delivering trust to the app ecosystem, Appthority allows enterprises to securely benefit from the proliferation of useful apps. Headquartered in San Francisco, Appthority is venture-backed by U.S. Venture Partners and Venrock. More information on Appthority can be found at https://www.appthority.com.
Appthority name and logo are either registered trademarks or trademarks of Appthority, Inc in the United States and/or other countries. All other products and/or services referenced are trademarks of their respective companies.